Development discussion of WireGuard
From: Tony Pros <tony@tpro.tech>
To: "wireguard@lists.zx2c4.com" <wireguard@lists.zx2c4.com>
Subject: Wireguard Windows Service Issues
Date: Wed, 05 Jan 2022 18:47:46 +0000
Message-ID: <M95S0K3OLlWrjbBpofGUvTbVG6o7H8pKclgaVy8bSYAIklVksUf0PfyKeTYWPtt9QUBcrGlmQXnKvvndSWIntkZ-_pWfIG9vGbjeyv7H1jQ=@tpro.tech>

I believe there's a bug in the Windows service implementation; if this issue is by design, it's problematic.

I have non-admin users where, when I initially set them up with WireGuard, I configured it to use the service, using the command:

wireguard /installtunnelservice "C:\Program Files\WireGuard\Data\Configurations\vpn.domain.org.conf.dpapi"

The tunnel worked fine the first time. Then the user reboots the laptop, or closes it, or leaves whatever coffee shop they were at and gets disconnected from the wireless network they were using. When this happens, for some reason, the WireGuard service then gets torn down, never to come back again until I issue the command from my admin account again.

There was an issue with some users' initial configuration in that they could not query hostname via DNS, so that entering the command to installservice would not even create the service.

Here are a few notes that might help with understanding.
- Users must have the VPN established before they log into the Active Directory servers on the remote network so that they can get all of their GPO directives.
- WireGuard service should stay up so that any time a user connects to any network, the VPN is established immediately after that.
- The WireGuard service should also stay because non-admin users cannot create a new service.


If this issue is how things will stay, and this is not considered a bug, how would you configure Windows non-admin users to tunnel to an enterprise network before login via WireGuard and to continuously try to establish the tunnel while the user is not connected to a network?


--
Tony Pros - Owner
tony@tpro.tech
615 656 3543

T-Pro Tech LLC
Audio & IT Consulting


Thread overview: 7+ messages
2022-01-05 18:47 Tony Pros [this message]
2022-01-17 10:51 ` Simon Rozman
2022-01-17 11:18   ` tlhackque
2022-01-17 12:47     ` Simon Rozman
2022-01-21 21:03   ` Tony Pros
2022-01-24 14:47     ` Simon Rozman
2022-01-24 18:17   ` Simon McNair
